name: Verify FOSSA
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Install Fossa
        run: "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash"

      - name: Fossa Configure & Analyze
        env:
          # FOSSA Push-Only API Token
          GITHUB_REF: $GITHUB_REF
          FOSSA_API_KEY: 9ee7e8893660832a7387dcc32377fb61
        run: node scripts/run-fossa.js
